CN108494679B - Linux system based SSH message forwarding method and device for realizing router - Google Patents


Publication number: CN108494679B
Authority: CN (China)
Prior art keywords: network card, ssh, message, virtual network, user space
Legal status: Active
Application number: CN201810556868.8A
Other languages: Chinese (zh)
Other versions: CN108494679A (en)
Inventors: 薛秋宝, 谭国权
Current Assignee: Wuhan Greenet Information Service Co Ltd
Original Assignee: Wuhan Greenet Information Service Co Ltd
Application filed by Wuhan Greenet Information Service Co Ltd
Priority to CN201810556868.8A
Publication of CN108494679A
Application granted
Publication of CN108494679B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/74: Address processing for routing
    • H04L45/745: Address table lookup; Address filtering
    • H04L45/302: Route determination based on requested QoS
    • H04L45/306: Route determination based on the nature of the carried application
    • H04L45/58: Association of routers
    • H04L45/586: Association of routers of virtual routers
    • H04L45/741: Routing in networks with a plurality of addressing schemes, e.g. with both IPv4 and IPv6
    • H04L49/00: Packet switching elements
    • H04L49/25: Routing or path finding in a switch fabric
    • H04L49/252: Store and forward routing
    • H04L49/90: Buffering arrangements
    • H04L49/9005: Buffering arrangements using dynamic buffer space allocation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of computer routing, and provides a Linux system-based SSH message forwarding method and device for realizing a router. The physical network card receives the SSH message and the destination IP of the SSH message is parsed; when the destination IP of the SSH message is confirmed to be the same as the loopback interface IP of the virtual network card, the SSH message is written into the cache region of the corresponding virtual network card; after the virtual network card acquires the SSH message, a first routing table on the Linux system is queried and a response message is generated; the user space application program reads the response message from the cache region of the corresponding virtual network card, selects an egress physical network card for the response message according to the second routing table entry found, and sends the response message out through that egress physical network card. The invention realizes the loopback interface function that a Linux-based router presents externally, and improves the stability of SSH message forwarding.

Description

Linux system based SSH message forwarding method and device for realizing router
[ technical field ]
The invention relates to the technical field of computer routing, in particular to a Linux system-based SSH message forwarding method and device for realizing a router.
[ background of the invention ]
On a traditional router, there exists a virtual interface called a loopback interface. The loopback interface is a logical interface that is unrelated to any physical network interface, and its state is always UP.
The loopback interface is characterized by stability: it cannot fail. For example, a router has several interfaces connected to a network, and for security only the IP address of one interface may be allowed to accept telnet; the router then cannot be logged in to when that interface fails. If the loopback interface is used as the telnet management address instead, the router can be logged in to as long as a physical interface is normally connected to the network, provided, of course, that the route to the loopback interface is advertised to the network. As another example, if a Border Gateway Protocol (BGP) session is established over a physical interface, then once that physical interface goes down the BGP neighbor goes down, and when it comes back up the BGP neighbor must reinitialize BGP and perform routing convergence, which is very costly for router performance. If a loopback interface is used as the interface of the BGP session, then even if the link currently in use is interrupted, the BGP session is not reset as long as other links in the network can reach the peer, which ensures the stability of the network. The loopback interface can also be used for many other purposes, but its main characteristic is stability.
To implement the router function on an x86 architecture Linux system, a loopback interface must be implemented, but a general Linux system does not implement such a virtual interface, so a scheme needs to be designed for realizing the router function.
[ summary of the invention ]
The technical problem to be solved by the present invention is to implement the function of the router on the x86 architecture Linux system, which necessitates implementing the loopback interface, but the general Linux system does not implement such a virtual interface, so a scheme needs to be designed to implement the loopback interface, and how to apply the router with the loopback interface function to SSH message forwarding.
The technical problem to be further solved by the present invention is to introduce the Linux system into a conventional routing function through its own processing capability, thereby providing functions that cannot be solved or improved by the conventional router, including deep parsing of a packet, etc.
The invention adopts the following technical scheme:
In a first aspect, the present invention provides a method for implementing SSH packet forwarding for a router based on a Linux system, which includes creating a virtual network card on the Linux system, configuring a loopback interface IP address for the virtual network card, configuring the SSH process to listen on a preset TCP port of the loopback interface, and starting the SSH process, the method including:
the physical network card receives the SSH message, and a user space application program acquires the SSH message and analyzes a target IP of the SSH message;
the user space application program confirms that the target IP of the SSH message is the same as the loopback interface IP of the virtual network card, and writes the SSH message into the cache region of the corresponding virtual network card;
after the virtual network card acquires the SSH message through the corresponding cache region, if the target port of the SSH message is confirmed to be the same as the preset port monitored by the SSH process, the SSH message is sent to the SSH process for processing, and the SSH process generates a response message according to an SSH protocol;
inquiring a first routing table on a Linux system, and selecting the virtual network card to send a response message of the SSH process according to the found first routing table item; wherein, the response message is stored in the buffer area of the corresponding virtual network card;
and the user space application program reads the response message from the cache region of the corresponding virtual network card, inquires a second routing table in the user space application program, selects an outlet physical network card of the response message according to the searched second routing table item, and sends the response message out through the outlet physical network card.
Preferably, the first routing table stores the loopback interface IP address of the virtual network card and a policy route for the port number of the corresponding virtual network card; the policy route selects on the loopback interface IP as the source address, and it is queried to select the virtual network card when a response message is generated. The second routing table stores the routing network environment, consisting of the IP address of each router and the port number of each corresponding router; the user space application program queries it to select a physical network card, and routing is carried out based on the source IP network segment, the destination port range and the protocol type.
Preferably, after the user space application program reads the response message from the cache area of the corresponding virtual network card, the user space application program queries the second routing table in the user space application program, and selects the outlet physical network card of the response message according to the found second routing table entry, further comprising:
the application program carries out deep packet analysis on the response message to obtain one or more analysis results of the application type, the network speed configuration and the bandwidth requirement of the response message; and according to the analysis result and the second routing table entry, selecting and matching a physical network card and a corresponding port which are suitable for the application type, the network speed configuration and/or the bandwidth requirement, and transmitting the response message.
Preferably, the method further comprises:
receiving an update message aiming at a second routing table, wherein the update message aiming at the second routing table is generated by a server side according to the current network type state and is used for deep message analysis, and then identified routing strategies corresponding to different application types, network speed configurations and/or bandwidth requirements are carried out;
the user space application updates the corresponding routing policy in the second routing table stored locally.
Preferably, when a first physical network card in the local device has a fault, the user space application detects the network card fault, notifies the adjacent router through a dynamic routing protocol, updates a local second routing table, and updates a routing table entry of a message originally distributed to the first physical network card based on deep packet analysis to a second physical network card with the closest performance to the first physical network card.
Preferably, before the user space application program obtains a destination IP of an SSH message from the SSH message received from the physical network card, the method further includes:
establishing a preset number of caches in a Linux kernel, and then connecting the caches by using a ring buffer queue descriptor to form a network buffer list;
the Linux kernel establishes a mapping relation between a physical network card and the network buffer list; and the control right of the buffer area is switched between the physical network card and the user space application program according to the writing and reading requirements of data.
Preferably, the writing the SSH packet into the cache area of the corresponding virtual network card specifically includes:
when a user space application program uses the write() system call to write an SSH message into the character device file of the virtual network card, the tun_chr_write() function is called, and tun_chr_write() uses tun_get_user() to receive the data from the user area, the data being stored in the cache area of the virtual network card; the virtual network card then calls the function netif_rx() to send the cache area of the virtual network card to the TCP/IP protocol stack for processing, and when the destination port of the SSH message is confirmed to be the same as the preset port monitored by the SSH process, the SSH message is handed to the SSH process to complete the generation of the response message.
Preferably, the reading, by the user space application program, of the response packet from the cache region of the corresponding virtual network card specifically includes:
the TCP/IP protocol stack stores the generated response message in a cache region of the virtual network card; awakening the blocked process of reading data by using the character device of the virtual network card, reading the cache area of the virtual network card by using the character device of the virtual network card, and sending each read cache to the user space application program.
Preferably, the method further includes that the user space application program actively initiates a message to the outside, specifically including:
the user space application program calls a socket function interface, specifies the IP address of the target equipment and actively sends a message from the virtual network card; wherein the actively sending out the message comprises: actively establishing BGP neighbor messages with the router, updating messages of routing tables in other routers in the network topology, sending messages of the fault of the local physical network card to the server, and sending one or more DPI analysis messages to the server.
In a second aspect, the present invention further provides an SSH packet forwarding apparatus for implementing a router based on a Linux system, for implementing the SSH packet forwarding method for implementing a router based on a Linux system in the first aspect, where the apparatus includes:
at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being programmed to perform the SSH message forwarding method for implementing a router based on a Linux system as described in the first aspect.
In a third aspect, the present invention further provides a non-volatile computer storage medium, where the computer storage medium stores computer-executable instructions, and the computer-executable instructions are executed by one or more processors, and are used to complete the SSH packet forwarding method for implementing a router based on a Linux system according to the first aspect.
The invention realizes the loop back interface function presented by the router based on the Linux system by designing the virtual network card, improves the stability of the router, realizes the intervention of a user space application program in the reading, analyzing and sending processes of the data message by establishing the virtual network card, realizes the fusion of the router and the SSH message forwarding function, and provides a design interface for solving the complex analyzing process which can not be realized by the conventional router in the subsequent extension implementation scheme of the invention.
[ description of the drawings ]
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments of the present invention will be briefly described below. It is obvious that the drawings described below are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a schematic flowchart of an SSH message forwarding method for implementing a router based on a Linux system according to an embodiment of the present invention;
fig. 2 is a schematic diagram of configuration parameters for implementing SSH message forwarding of a router based on a Linux system according to an embodiment of the present invention;
fig. 3 is a schematic diagram of configuration parameters for implementing SSH message forwarding of a router based on a Linux system according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a specific application scenario provided in the embodiment of the present invention;
fig. 5 is a schematic flowchart illustrating an implementation process of a user space application expanding a process in an SSH message received from a physical network card according to an embodiment of the present invention;
fig. 6 is a schematic flowchart of an improved SSH message forwarding method for implementing a router based on a Linux system according to an embodiment of the present invention;
fig. 7 is a schematic diagram of an architecture signaling for creating a network buffer list according to an embodiment of the present invention;
fig. 8 is a schematic flowchart of an SSH packet forwarding method for implementing a router based on a Linux system according to an embodiment of the present invention;
fig. 9 is a signaling architecture diagram of a router with a network card failure, implemented based on a Linux system according to an embodiment of the present invention;
fig. 10 is a schematic structural diagram of an SSH packet forwarding apparatus for implementing a router based on a Linux system according to an embodiment of the present invention.
[ detailed description of the embodiments ]
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the description of the present invention, the terms "inner", "outer", "longitudinal", "lateral", "upper", "lower", "top", "bottom", and the like indicate orientations or positional relationships based on those shown in the drawings, and are for convenience only to describe the present invention without requiring the present invention to be necessarily constructed and operated in a specific orientation, and thus should not be construed as limiting the present invention.
In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
In the existing network architecture, if the function of the router is to be implemented on the x86 architecture Linux system, the loopback interface function must be implemented. This is because as the complexity of network topology increases and the amount of data increases explosively, the common fixed physical IP approach cannot meet the device robustness requirement in the above environment. However, such a virtual interface is not implemented on a general Linux system, and therefore, a router with a loopback interface function cannot be implemented on an x86 architecture Linux system.
Example 1:
Embodiment 1 of the invention provides an SSH message forwarding method for realizing a router based on a Linux system. A virtual network card is first created on the Linux system, a loopback interface IP address is configured for the virtual network card, the SSH process is configured to listen on a preset TCP port (such as port 22) of the loopback interface, and the SSH process is started. The loopback interface IP address is the addressable address that the Linux system presents in the network once it acts as a router; it is mapped to the several physical network cards configured on the Linux system, so that it can serve both as a destination address and as the source address of transmissions onto the physical network. As shown in fig. 1, the method comprises:
in step 201, the physical network card receives the SSH message, and the user space application program obtains the SSH message and analyzes the destination IP of the SSH message.
The physical network card is a direct receiving device for data messages, the physical network card generally refers to a network card hardware device inserted on a mainboard or integrated on the mainboard, and the physical network card is provided with a network port or a wireless broadband transceiver module connected with an external network. And the virtual network card provides an interface for user space applications to access kernel data.
In step 202, the user space application program confirms that the destination IP of the SSH packet is the same as the loopback interface IP of the virtual network card, and writes the SSH packet into the cache region of the corresponding virtual network card.
The SSH message is usually written into the cache area of the corresponding virtual network card by using the write() system function of the Linux system.
In step 203, after the virtual network card acquires the SSH message through the corresponding cache region, if it is determined that the destination port of the SSH message is the same as the preset port monitored by the SSH process, the SSH message is delivered to the SSH process for processing, and the SSH process generates a response message according to the SSH protocol.
In step 204, a first routing table on the Linux system is queried, and according to the found corresponding routing table entry, the virtual network card is selected to send a response message of the SSH process. And the response message is stored in a cache region of the corresponding virtual network card.
In the specific implementation method, the response packet is usually completed by a protocol stack, that is, after the virtual network card finds a corresponding routing table entry, the SSH packet and the relevant routing table entry are sent to the protocol stack, and the protocol stack completes generation of the response packet.
The first routing table stores the loopback interface IP address of the virtual network card and a policy route for the port number of the corresponding virtual network card; the policy route selects on the loopback interface IP as the source address, and it is queried to select the virtual network card when a response message is generated. To reduce the occupation and consumption of Linux kernel resources, in the embodiment of the present invention the first routing table does not store external routing information; it stores only the loopback interface IP address of the virtual network card and the port number of the corresponding virtual network card. When the user space application program picks up the corresponding response message, it therefore knows the intention behind that message, namely that a specific physical network card has to be designated, via the loopback interface IP address, to complete the transmission. Because the first routing table holds no substantive routing information, and the content related to substantive routing is stored in the second routing table in user space, the occupation and consumption of Linux kernel resources is reduced.
Taking the configuration parameters shown in fig. 2 as an example, with the method provided in the embodiment of the present invention, a loopback interface loopback0 is created by generating a virtual network card, the IP of loopback0 is 10.0.2.2, and a policy route is added to the first routing table: a message whose source IP address is 10.0.2.2 is sent out from the loopback interface loopback0, namely source IP 10.0.2.2 --> loopback0.
In step 205, the user space application program reads the response packet from the cache area of the corresponding virtual network card, queries the second routing table in the user space application program, selects an egress physical network card of the response packet according to the found second routing table entry, and sends out the response packet through the egress physical network card.
The second routing table stores the IP addresses of the routers and the port numbers (e.g., source IP, destination port, etc.) of the corresponding routers in the network environment of the routing, the routing is performed based on the source IP network segment, the destination port range and the protocol type (TCP/UDP), and the user space application program queries the routing to select the physical network card. In the embodiment of the present invention, the total amount of routing table entries, which may reach thousands, are stored in the second routing table located in the user space layer, so that the first routing table stored in the kernel in step 204 is simplified, and resource occupation in the kernel with more scarce resources is saved.
Taking the configuration parameters shown in fig. 3 as an example, the application routing table entry selects the route based on the source IP network segment, the destination port range and the protocol type. That is, destination IP 1.1.1.1/32 --> eth2, where eth2 is the identifier of the physical network card (this identifier is used again in the example that follows in this embodiment).
The embodiment of the invention realizes the loop back interface function presented by the router based on the Linux system to the outside by designing the virtual network card, improves the stability of the router, realizes the intervention of a user space application program in the reading, analyzing and sending processes of the data message by establishing the virtual network card, realizes the fusion of the router and the SSH message forwarding function, and provides a design interface for solving the complex analyzing process which cannot be realized by the conventional router in the subsequent extension implementation scheme of the invention.
Taking fig. 4 as an example, the router R1 needs to establish communication with an application program, and specifies that the connection is established using IP 1.1.1.1 of its loopback interface loopback0 and IP 10.0.2.2 of the application program. The source IP of the SSH message initiated by the router R1 is 1.1.1.1 and the destination IP is 10.0.2.2. The message reaches the physical network card eth2 and is received by the application program. The application program determines that the destination IP 10.0.2.2 is the IP of the loopback interface loopback0 of the virtual network card (a TUN virtual network card in this example), so it removes the layer-2 MAC header and sends only the message including the IP header to the loopback interface loopback0 of the virtual network card through the write function. The virtual network card calls the protocol stack to generate a response message whose source IP is 10.0.2.2 and whose destination IP is 1.1.1.1; the policy route in the first routing table is queried (the first routing table is the one consulted, because the second routing table in the application program cannot be queried during protocol stack processing), and the response message is sent out from loopback0. The application program captures the response message through a read function, queries the second routing table in the application program, selects eth2 as the physical network card for the response message, encapsulates the layer-2 header according to the MAC and VLAN information of the physical network card eth2, and sends the response message to R1 from eth2.
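The two user-space decisions in steps 202 and 205, run over the Fig. 4 addresses, as an added C example (not code from the patent). The function names, struct layouts, first-match rule order, the combined source/destination prefix match, and the second table entry with its interface name eth1 are assumptions; the packets are constructed and their checksums are left unset because nothing here verifies them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN 14
#define PROTO_TCP 6
#define PROTO_UDP 17
#define LOOPBACK0_IP 0x0A000202u /* 10.0.2.2, loopback0 in the page's Fig. 4 example */

struct pkt { uint32_t src, dst; uint8_t proto; uint16_t sport, dport; size_t len; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)(v >> 16)); wr16(p + 2, (uint16_t)v); }

/* Parse a raw IPv4 datagram, the unit a TUN device carries. Returns 0, or -1 if malformed. */
int parse_ipv4(const uint8_t *ip, size_t cap, struct pkt *out) {
    if (cap < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4, tot = rd16(ip + 2);
    if (ihl < 20 || tot < ihl || tot > cap) return -1;  /* header lies about its length */
    out->proto = ip[9];
    out->src = rd32(ip + 12);
    out->dst = rd32(ip + 16);
    out->sport = out->dport = 0;
    out->len = tot;
    int first_fragment = (rd16(ip + 6) & 0x1FFF) == 0;  /* ports exist only at offset 0 */
    if (first_fragment && (out->proto == PROTO_TCP || out->proto == PROTO_UDP)) {
        if (tot < ihl + 4) return -1;
        out->sport = rd16(ip + ihl);
        out->dport = rd16(ip + ihl + 2);
    }
    return 0;
}

/* Step 202: if the frame is addressed to loopback0, point *ip at the datagram with the
 * layer-2 header stripped and return the byte count to write() to the TUN fd; else 0.
 * Assumes untagged Ethernet and a TUN fd opened with IFF_TUN | IFF_NO_PI. */
size_t ingress_for_loopback(const uint8_t *frame, size_t len, const uint8_t **ip) {
    struct pkt p;
    if (len < ETH_HLEN || rd16(frame + 12) != 0x0800) return 0;
    if (parse_ipv4(frame + ETH_HLEN, len - ETH_HLEN, &p) != 0) return 0;
    if (p.dst != LOOPBACK0_IP) return 0;
    *ip = frame + ETH_HLEN;
    return p.len;                      /* IP total length, so Ethernet padding is dropped */
}

/* Second (user-space) routing table entry; proto 0 means any protocol. */
struct app_route { uint32_t src_net, src_mask, dst_net, dst_mask;
                   uint16_t dport_lo, dport_hi; uint8_t proto; const char *egress; };

const struct app_route SAMPLE_TABLE[] = {
    /* Fig. 3 entry: destination 1.1.1.1/32 --> eth2, for traffic sourced from loopback0 */
    { LOOPBACK0_IP, 0xFFFFFFFFu, 0x01010101u, 0xFFFFFFFFu, 0, 65535, PROTO_TCP, "eth2" },
    /* constructed entry (assumption): TCP port 179 from loopback0 to anywhere --> eth1 */
    { LOOPBACK0_IP, 0xFFFFFFFFu, 0, 0, 179, 179, PROTO_TCP, "eth1" },
};

/* Step 205: first matching entry names the egress NIC; NULL means no route (drop). */
const char *egress_lookup(const struct app_route *t, size_t n, const uint8_t *ip, size_t len) {
    struct pkt p;
    if (parse_ipv4(ip, len, &p) != 0) return NULL;
    for (size_t i = 0; i < n; i++) {
        if ((p.src & t[i].src_mask) != t[i].src_net) continue;
        if ((p.dst & t[i].dst_mask) != t[i].dst_net) continue;
        if (t[i].proto && t[i].proto != p.proto) continue;
        if (p.dport < t[i].dport_lo || p.dport > t[i].dport_hi) continue;
        return t[i].egress;
    }
    return NULL;
}

/* Build a constructed 40-byte TCP/IPv4 datagram (20-byte IP header, 20-byte TCP header). */
size_t build_sample(uint8_t *b, uint32_t src, uint32_t dst, uint16_t sport, uint16_t dport) {
    memset(b, 0, 40);
    b[0] = 0x45; b[3] = 40; b[8] = 64; b[9] = PROTO_TCP;
    wr32(b + 12, src); wr32(b + 16, dst);
    wr16(b + 20, sport); wr16(b + 22, dport);
    b[32] = 0x50;                      /* TCP data offset: 5 words */
    return 40;
}

int main(void) {
    uint8_t frame[64] = {0};           /* constructed frame from R1, padded to 64 bytes */
    frame[12] = 0x08;                  /* EtherType 0x0800 */
    build_sample(frame + ETH_HLEN, 0x01010101u, LOOPBACK0_IP, 50000, 22);
    const uint8_t *ip = NULL;
    size_t n = ingress_for_loopback(frame, sizeof frame, &ip);
    printf("write %zu bytes to the TUN fd\n", n);  /* write(tun_fd, ip, n) in a forwarder */

    uint8_t resp[40];                  /* constructed reply, as read() from the TUN fd */
    build_sample(resp, LOOPBACK0_IP, 0x01010101u, 22, 50000);
    const char *nic = egress_lookup(SAMPLE_TABLE, 2, resp, sizeof resp);
    printf("reply leaves via %s\n", nic ? nic : "(no route)");
    return 0;
}
```

Frames that are truncated, not IPv4, or not addressed to 10.0.2.2 never reach the TUN device, which keeps the SSH listener on loopback0 from seeing anything the forwarder could not parse.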
In embodiment 1 of the present invention, in order to improve the data processing uniformity and efficiency of the user space application program and the physical network card for the received SSH packet, there is an optimal implementation scheme that a preset number of caches are established in a Linux kernel, and then the caches are connected by using a ring buffer queue descriptor to form a network buffer list.
The Linux kernel establishes a mapping relation between a physical network card and the network buffer list, and control of a buffer is switched between the physical network card and the user space application program according to the write and read requirements of the data. In an actual implementation, the buffer area may receive write and read operations directly from the user space application program, or those operations may be carried out through a virtual network card; both ways of giving the user space application program access to the buffer area may be used in the embodiment of the present invention. In the latter case the user space application program reads and writes the data in the network buffer list through the virtual network card.
Therefore, in step 201, the user space application expands the flow of SSH messages received from the physical network card, and as shown in fig. 5, the flow is represented by the following sub-steps:
in step 2011, the physical network card obtains the SSH packet, and writes the content of the SSH packet to a network buffer list.
The physical network card can complete the SSH message content writing operation by calling a Linux kernel function write through the mapping relation between the physical network card and the network buffer list.
In step 2012, the user space application reads the corresponding SSH message content from the network buffer list and obtains the destination IP of the SSH message.
After the physical network card writes the SSH message into the network buffer list, the user space application receives a notification message (also called a wake-up instruction), which prompts it to issue a read operation on the network buffer list and thereby obtain the corresponding SSH message content.
Through the optimization in steps 2011 and 2012, the Linux kernel does not need to take part directly in processing the SSH packet; it only needs to provide the storage area for the network buffer list, which improves the efficiency with which the user space application program obtains the SSH packet content. By contrast, in the prior-art processing flow, the Linux kernel's own handling of the SSH packet is interleaved between the user space application program and the physical network card, which reduces the efficiency of the routing function implemented by the whole Linux-based system.
In addition to receiving a message (for example, the SSH message) sent from another router or terminal and generating and sending a response message, a router implemented on the Linux system according to the embodiment of the present invention may also initiate messages itself. Specifically, the method further includes the user space application program actively initiating a message outwards, as follows:
The user space application program calls a socket function interface, specifies the IP address of the target device, and actively sends a message from the virtual network card. The actively sent messages include: messages for actively establishing a BGP neighbor with a router, messages updating the routing tables of other routers in the network topology, messages reporting a fault of the local physical network card to the server, and one or more DPI analysis messages sent to the server.
The message for actively establishing a BGP neighbor with a router is a service message based on the BGP protocol and is used to build the BGP network topology. Updating the routing tables of other routers in the network topology is the existing dynamic routing table establishment function carried over into the embodiment of the present invention. Reporting a fault of the local physical network card to the server addresses a problem solved by the router with the loopback interface function provided by the embodiment of the present invention, namely how to notify the server promptly after part of the hardware network cards have failed; the user space application program of the present invention can report such a fault in time. Sending a DPI analysis message to the server is an additional function that becomes available once a deep packet analysis function is further provided in the embodiment of the present invention: the packet types forwarded within a period of time, the total number of packets of a specified application type, the number of packets accessing a specified destination address, and the like are reported to the server, all of which are data that a DPI analysis message can carry.
With reference to the embodiment of the present invention, there is also an extension scheme in which the SSH packet may take the form of an update packet from the server for the second routing table. The method then further includes:
Receiving an update message for the second routing table, where the update message is generated by the server side after deep packet analysis according to the current network state and carries the identified routing policies corresponding to different application types, network speed configurations and/or bandwidth requirements; and updating the corresponding routing policy in the locally stored second routing table. It should be emphasized that the update message for the second routing table is only available once the SSH message forwarding method for implementing a router based on the Linux system according to the embodiment of the present invention has the deep packet analysis function described in the above extension scheme. The most intuitive effect of updating the corresponding routing policy in the locally stored second routing table is that a message identified by deep packet analysis as belonging to application A is assigned, according to the routing policy, to physical network card A and sent from it.
An example of application routing based on deep packet analysis is as follows:
1) Application routing rules are configured for the user space application program, for example: messages of Thunder downloads are sent out from network card eth1.
2) The user space application program performs protocol identification on the received service message, for example: a message with destination IP dip1, destination port port1 and protocol type proto1 is identified as a Thunder download.
3) The user space application program updates the second routing table and generates a new routing table entry: messages with destination IP dip1, destination port port1 and protocol type proto1 are sent from network card eth1.
4) After reading the response message from the cache region of the corresponding virtual network card, the user space application program queries its second routing table and selects the egress physical network card of the response message according to the matching second routing table entry.
Because deep packet analysis and the corresponding routing policy are introduced into the Linux-based router provided by the embodiment of the invention, the routing policy must be adjusted when a first physical network card in the local device fails. Therefore, in combination with the embodiment of the present invention, there is also a preferred implementation: the user space application program updates the local second routing table, changing the routing table entries of messages that deep packet analysis had originally assigned to the first physical network card so that they point to a second physical network card whose performance is closest to that of the first physical network card.
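The application-routing steps 1) to 4) and the failover rule above, as an added C example that is not code from the patent: a DPI verdict for a flow creates a second-routing-table entry, and a NIC failure moves that NIC's entries to the working NIC with the nearest link speed. Using link speed in Mb/s as the measure of "closest performance", the application name, the addresses and the interface names are assumptions; the DPI classifier itself is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_ROUTES 64

struct nic       { const char *name; unsigned mbps; int up; };  /* mbps: assumed metric */
struct app_rule  { const char *app; int nic; };                 /* step 1: configured rule */
struct app_route { uint32_t dip; uint16_t dport; uint8_t proto; int nic; };
struct table2    { struct app_route e[MAX_ROUTES]; size_t n; };

static struct app_route *find(struct table2 *t, uint32_t dip, uint16_t dport, uint8_t proto)
{
    for (size_t i = 0; i < t->n; i++)
        if (t->e[i].dip == dip && t->e[i].dport == dport && t->e[i].proto == proto)
            return &t->e[i];
    return NULL;
}

/* Steps 2-3: DPI identified the flow as `app`; create or update its table entry.
 * Returns the NIC index, or -1 if no rule covers the app or the table is full. */
int learn_flow(struct table2 *t, const struct app_rule *rules, size_t nrules,
               const char *app, uint32_t dip, uint16_t dport, uint8_t proto)
{
    int nic = -1;
    for (size_t i = 0; i < nrules; i++)
        if (strcmp(rules[i].app, app) == 0) { nic = rules[i].nic; break; }
    if (nic < 0) return -1;
    struct app_route *r = find(t, dip, dport, proto);
    if (r == NULL) {
        if (t->n == MAX_ROUTES) return -1;
        r = &t->e[t->n++];
        *r = (struct app_route){ dip, dport, proto, nic };
    }
    r->nic = nic;
    return nic;
}

/* Step 4: egress NIC for a flow, or -1 when no application route matches. */
int egress_for(struct table2 *t, uint32_t dip, uint16_t dport, uint8_t proto)
{
    struct app_route *r = find(t, dip, dport, proto);
    return r ? r->nic : -1;
}

/* Failover: mark `failed` down and repoint its entries to the up NIC whose speed
 * is closest. Returns the replacement index, or -1 if no other NIC is up. */
int fail_over(struct table2 *t, struct nic *nics, size_t nnics, int failed)
{
    int best = -1;
    unsigned best_gap = 0;
    if (failed < 0 || (size_t)failed >= nnics) return -1;
    nics[failed].up = 0;
    for (size_t i = 0; i < nnics; i++) {
        if (!nics[i].up) continue;
        unsigned a = nics[i].mbps, b = nics[failed].mbps;
        unsigned gap = a > b ? a - b : b - a;
        if (best < 0 || gap < best_gap) { best = (int)i; best_gap = gap; }
    }
    if (best < 0) return -1;
    for (size_t i = 0; i < t->n; i++)
        if (t->e[i].nic == failed) t->e[i].nic = best;
    return best;
}

/* Constructed scenario: eth0 1000, eth1 10000, eth2 2500 Mb/s; "download" -> eth1.
 * Returns the egress NIC index for the learned flow. */
int demo_app_route(int fail_eth1)
{
    struct nic nics[] = { {"eth0", 1000, 1}, {"eth1", 10000, 1}, {"eth2", 2500, 1} };
    struct app_rule rules[] = { {"download", 1} };
    struct table2 t = { .n = 0 };
    learn_flow(&t, rules, 1, "download", 0xcb007109u /* 203.0.113.9 */, 8080, 6);
    if (fail_eth1) fail_over(&t, nics, 3, 1);
    return egress_for(&t, 0xcb007109u, 8080, 6);
}

int main(void) { return demo_app_route(1) == 2 ? 0 : 1; }
```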
Example 2:
Compared with the SSH message forwarding method for implementing a router based on the Linux system in embodiment 1, this embodiment further refines the SSH message written into the cache region of the corresponding virtual network card in step 202, which further improves both the amount of data that must be read and the execution speed when the SSH message is subsequently parsed. As shown in fig. 6, the method specifically includes:
In step 301, the physical network card receives the SSH packet, and the user space application program obtains the SSH packet and parses the destination IP of the SSH packet.
The physical network card is a direct receiving device for data messages, the physical network card generally refers to a network card device inserted on a mainboard or integrated on the mainboard, and the physical network card is provided with a network port or a wireless broadband transceiver module connected with an external network. And the virtual network card provides an interface for user space applications to access kernel data.
In step 302, the user space application program determines that the destination IP of the SSH packet is the same as the loopback interface IP of the virtual network card, removes the Ethernet layer-2 header of the SSH packet to obtain a second packet, and writes the second packet into the cache region of the corresponding virtual network card.
The second packet is usually written into the cache of the corresponding virtual network card by using the write() system call of the Linux system.
The message above is received from outside, and its layer-2 header depends on the network state at the time it was sent. The layer-2 header is of no concern when the response message is generated, so it is removed (for example, the virtual network card TUN is a layer-3 device that deals only with IP and not with the layer-2 MAC header). When the program sends the response message of step 303 below, the routing table on the Linux system must be searched first, the egress interface is determined from the lookup result, and the specific layer-2 header is encapsulated according to the configuration of that egress interface (for example, whether a VLAN is present).
In step 303, after the virtual network card acquires the second message through the corresponding cache region, and confirms that the destination port of the SSH message is the same as the preset port monitored by the SSH process, the SSH message is delivered to the SSH process for processing, and the SSH process generates a response message according to the SSH protocol.
In step 304, a first routing table on the Linux system is queried, and according to the found corresponding routing table entry, the virtual network card is selected to send a response message of the SSH process. And the response message is stored in a cache region of the corresponding virtual network card.
The first routing table stores the loopback interface IP address of the virtual network card and a policy route for the port number of the corresponding virtual network card. The policy route selects a route with the loopback interface IP as the source address, and the virtual network card queries the policy route to select the virtual network card when a response message is generated. To reduce the consumption of Linux kernel resources, in the embodiment of the present invention the first routing table does not store external routing information, but only the loopback interface IP address of the virtual network card and the port number of the corresponding virtual network card. Consequently, when the user space application program retrieves a response message, it knows the purpose of that message, namely that a specific physical network card must be designated by way of the loopback interface IP address to complete the transmission of the message.
In step 305, the user space application program reads the response message from the cache area of the corresponding virtual network card, queries the second routing table in the user space application program, selects an egress physical network card for the response message according to the matching second routing table entry, encapsulates the response message with an Ethernet layer-2 header, and sends it out through the egress physical network card.
The second routing table stores the routing network environment, consisting of the IP addresses of the routers and the port numbers of the corresponding routers (e.g., source IP, destination port, etc.). Routes are selected on the basis of source IP network segment, destination port range and protocol type (TCP/UDP), and the user space application program queries these routes to select the physical network card. In an embodiment of the present invention, the second routing table at the user space level may hold possibly up to thousands of routing table entries.
The embodiment of the invention realizes the loop back interface function presented by the router based on the Linux system to the outside by designing the virtual network card, improves the stability of the router, realizes the intervention of a user space application program in the reading, analyzing and sending processes of the data message by establishing the virtual network card, and provides a design interface for solving the problem of the complicated analyzing process which can not be realized by the conventional router in the subsequent extension implementation scheme of the invention.
The embodiment of the present invention may also use the implementation manners of the extensions in embodiment 1 (especially, the related contents of the deep packet analysis in embodiment 1), and details are not described herein again.
Example 3:
This embodiment of the present invention elaborates the process of creating the network buffer list in embodiment 1 by reference to Linux kernel code. As shown in fig. 7, the method specifically includes:
Establishing a certain number of skbs in the Linux kernel and then connecting them with e1000_rx_ring buffer queue descriptors to form a network buffer list, where each skb denotes one cache;
The Linux kernel establishing a mapping relationship between the physical network card and the network buffer list, with control of the buffers switched between the physical network card and the virtual network card according to whether data is to be written or read.
The kernel establishes the mapping relationship between the physical network card and the network buffer list by calling dma_map_single(struct device *dev, void *buffer, size_t size, enum dma_data_direction direction). In this function, struct device *dev describes the physical network card device; buffer is the address mapped to the physical network card device, that is, a particular skb (to map all of them, the embodiment of the invention loops over the doubly linked list); size is the cache size; and direction indicates the direction of the mapping, that is, which side passes data to which. Generally it is a "two-way" mapping, with data flowing in both directions between the device and memory. For a physical network card (also described above as a PCI device), the buffer (i.e., the network buffer list proposed in the embodiment of the present invention) is handed to the physical network card device through another wrapper function, pci_map_single, after which the physical network card device can read/fetch data from it directly.
Conversely, the kernel cancels the mapping by calling the function dma_unmap_single; for a physical network card device, the kernel's wrapper function pci_unmap_single is usually called. If the mapping is not cancelled, control of the cache remains with the physical network card device. Calling dma_unmap_single therefore hands control back to the CPU (which may be understood as the user space application program proposed in the present invention): once the data has been received, the CPU should pass it to the user space application program.
Therefore, with reference to the embodiment of the present invention, if the virtual network card is a TUN network card, the writing of an SSH message to the character device file of the virtual network card by the user space application program through the write() system call is as shown in fig. 7, and specifically includes:
When the user space application program uses the write() system call to write an SSH message to the character device file of the TUN network card, the tun_chr_write() function is called. It uses tun_get_user() to receive the data from the user area and store it in the cache region of the virtual network card, and then uses the netif_rx() function to pass the cache region of the virtual network card to the TCP/IP protocol stack for processing. After the destination port of the SSH message is confirmed to be the same as the preset port monitored by the SSH process, the SSH message is handed to the SSH process, which generates the response message.
With reference to the embodiments of the present invention, where the virtual network card is specifically a TUN network card, reading a response packet from the corresponding virtual network card by calling the read() system call specifically includes:
The TCP/IP protocol stack passes the generated response message to the TUN network card, which calls its registered hard_start_xmit function to send it. The hard_start_xmit function in turn calls the tun_net_xmit function, which wakes up the process in the user space application program that is blocked reading data from the TUN character device. That process reads the response message from the character device through the read function; specifically, the character device part of the TUN device calls tun_chr_read() to read the cache region of the virtual network card and send it to the user area, so that the user space application program obtains the response message of the virtual network card.
Example 4:
This embodiment of the present invention describes a specific implementation of embodiment 1 in terms of the layering of Linux kernel space and user space, together with a more detailed flowchart. It should be emphasized that, when the method flow described in this embodiment starts executing, the virtual network card has already been established and the corresponding network buffer list generated as described in embodiment 2, and the SSH process has been configured to monitor TCP port 22 of the loopback interface and has been started. As shown in fig. 7 and 8, the method specifically includes:
In step 401, after receiving the SSH message, the physical network card writes it into the network buffer list through its mapping relationship with the network buffer list. The network buffer list resides in kernel mode; the corresponding logical position relationship is shown in fig. 7.
In step 402, after the physical network card completes the data write, an interrupt is triggered and the mapping is cancelled through the function dma_unmap_single, so that the user space application program obtains read and write permission on the network buffer list.
In step 403, the SSH message is obtained from the corresponding network buffer list by the user space application.
In step 404, if the user space application program determines that the destination IP of the SSH message is the same as the loopback interface IP of the virtual network card, step 405 is executed; otherwise, step 406 is performed.
In step 405, the user space application removes the Ethernet layer-2 header of the SSH packet to obtain a second packet, sends the second packet to the buffer of the virtual network card through the tun_chr_write() function, and proceeds to step 407.
In step 406, if the user space application program determines that the destination IP of the SSH packet is not the same as the loopback port IP of the virtual network card, the user space application program queries a route (a second route) in the application program and forwards the SSH packet according to the matched second route.
In step 407, after the virtual network card obtains the second packet and stores it in the corresponding cache region, the function netif_rx() is called to pass the second packet in the cache region of the virtual network card to the TCP/IP protocol stack for processing. The TCP/IP protocol stack confirms that the destination port of the second packet is the same as the port monitored by the SSH process, namely TCP port 22, and then delivers the packet to the SSH process, which generates a response packet according to the SSH protocol and sends it to the TCP/IP protocol stack.
The TCP/IP protocol stack queries the first routing table on the Linux system and, according to the matching first routing table entry, selects the virtual network card to send the response message of the SSH process.
The response message is returned to the virtual network card by the TCP/IP protocol stack and stored in the cache region of the corresponding virtual network card.
In step 408, the virtual network card wakes up the process in the user space application program that is blocked reading data from the TUN character device, and that process reads the response message from the character device through the read function; specifically, the character device of the TUN device calls tun_chr_read() to read the cache region of the virtual network card and obtain the response message. The user space application program then queries its second routing table and selects the egress physical network card of the response message according to the matching second routing table entry.
In step 409, the response packet is encapsulated with an Ethernet layer-2 header and sent out through the egress physical network card.
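The dispatch of steps 404 to 406 (and of steps 302 and 305 in embodiment 2), as an added C example that is not code from the patent: it parses a received frame with bounds checks, hands packets addressed to the loopback IP to the TUN path without their layer-2 header, and otherwise looks up the second routing table by source segment, destination port range and protocol. The struct layouts, interface names, addresses and the most-specific-segment tie-break are assumptions, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum verdict { DROP_MALFORMED, TO_TUN, TO_FORWARD };
struct pkt_info {                  /* all fields in host byte order */
    uint32_t src_ip, dst_ip;
    uint16_t dst_port;             /* 0 if not TCP/UDP or not a first fragment */
    uint8_t  proto;
    size_t   l3_off, l3_len;       /* where the IPv4 packet sits in the frame */
};
struct route2 {                    /* assumed layout of a second-routing-table entry */
    uint32_t src_net, src_mask;
    uint16_t dport_lo, dport_hi;
    uint8_t  proto;                /* 6 = TCP, 17 = UDP, 0 = any */
    const char *egress;            /* hypothetical interface name */
};
struct result { enum verdict v; size_t tun_len; const char *egress; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Bounds-checked parse: Ethernet, optional 802.1Q tag, IPv4, TCP/UDP destination port. */
int parse_frame(const uint8_t *f, size_t len, struct pkt_info *pi)
{
    size_t off = 14;
    if (len < off) return -1;
    if (rd16(f + 12) == 0x8100) off = 18;      /* one VLAN tag shifts the EtherType */
    if (len < off + 20 || rd16(f + off - 2) != 0x0800) return -1;
    const uint8_t *ip = f + off;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, tot = rd16(ip + 2);
    if ((ip[0] >> 4) != 4 || ihl < 20 || tot < ihl || tot > len - off) return -1;
    pi->l3_off = off;  pi->l3_len = tot;       /* tot excludes Ethernet padding */
    pi->proto = ip[9]; pi->dst_port = 0;
    pi->src_ip = rd32(ip + 12);  pi->dst_ip = rd32(ip + 16);
    if ((pi->proto == 6 || pi->proto == 17) && (rd16(ip + 6) & 0x1fff) == 0 && tot - ihl >= 4)
        pi->dst_port = rd16(ip + ihl + 2);
    return 0;
}

/* Steps 404-406: for the loopback IP, copy the IP packet (no layer-2 header) for the TUN fd. */
enum verdict dispatch(const uint8_t *f, size_t len, uint32_t loopback_ip,
                      uint8_t *tun_buf, size_t tun_cap, size_t *tun_len, struct pkt_info *pi)
{
    if (parse_frame(f, len, pi) != 0) return DROP_MALFORMED;
    if (pi->dst_ip != loopback_ip) return TO_FORWARD;
    if (pi->l3_len > tun_cap) return DROP_MALFORMED;
    memcpy(tun_buf, f + pi->l3_off, pi->l3_len);
    *tun_len = pi->l3_len;
    return TO_TUN;
}

/* Second-table lookup; the most specific source segment wins (assumed tie-break). */
const char *route2_lookup(const struct route2 *t, size_t n, const struct pkt_info *pi)
{
    const struct route2 *best = NULL;
    for (size_t i = 0; i < n; i++) {
        if ((pi->src_ip & t[i].src_mask) != t[i].src_net) continue;
        if (pi->dst_port < t[i].dport_lo || pi->dst_port > t[i].dport_hi) continue;
        if (t[i].proto != 0 && t[i].proto != pi->proto) continue;
        if (best == NULL || t[i].src_mask > best->src_mask) best = &t[i];
    }
    return best ? best->egress : NULL;
}

/* Constructed sample frame: TCP 192.168.1.50:49152 -> dst_ip:22, optional VLAN 100 tag. */
size_t build_sample(uint8_t *b, uint32_t dst_ip, int vlan)
{
    size_t off = vlan ? 18 : 14;
    memset(b, 0, off + 40);
    b[12] = vlan ? 0x81 : 0x08;
    if (vlan) { b[15] = 100; b[16] = 0x08; }
    uint8_t *ip = b + off;
    ip[0] = 0x45; ip[3] = 40; ip[8] = 64; ip[9] = 6;
    ip[12] = 192; ip[13] = 168; ip[14] = 1; ip[15] = 50;
    for (int i = 0; i < 4; i++) ip[16 + i] = (uint8_t)(dst_ip >> (24 - 8 * i));
    ip[20] = 0xc0; ip[23] = 22;
    return off + 40;
}

/* Run one constructed frame, optionally truncated to `cut` bytes, through the path. */
struct result demo(uint32_t dst_ip, int vlan, size_t cut)
{
    static const struct route2 table[] = {                 /* constructed entries */
        { 0xc0a80100u, 0xffffff00u, 1, 1023, 6, "eth1" },  /* 192.168.1.0/24, TCP 1-1023 */
        { 0, 0, 0, 65535, 0, "eth0" } };                   /* default */
    uint8_t frame[64], tun[64];
    struct pkt_info pi;
    struct result r = { DROP_MALFORMED, 0, NULL };
    size_t len = build_sample(frame, dst_ip, vlan);
    if (cut != 0 && cut < len) len = cut;
    r.v = dispatch(frame, len, 0x0a000001u /* 10.0.0.1 */, tun, sizeof tun, &r.tun_len, &pi);
    if (r.v == TO_FORWARD) r.egress = route2_lookup(table, 2, &pi);
    return r;
}

int main(void) { return demo(0x0a000001u, 1, 0).v == TO_TUN ? 0 : 1; }
```

When the bytes returned by `dispatch` are written to a real TUN descriptor, a device opened without `IFF_NO_PI` expects a 4-byte packet information header in front of the IP packet.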
Example 5:
This embodiment of the present invention explains how, when the port IP of any physical network card in the framework set up in the embodiment of the present invention fails, the loopback interface function is still provided through the virtual network card and its supporting framework provided by the present invention. As shown in fig. 9, the method specifically includes:
An application program of the Linux system has access rights to loopback port loopback0 of the virtual network card, whose IP address is IP1. Router R2 is specified to establish a BGP neighbor with IP address IP1 through its IP address IP2; R2 selects route I through dynamic routing protocol negotiation and communicates with IP address IP1 of loopback port loopback0 of the virtual network card through the physical network card eth2 currently associated with the application program.
When eth2 then fails, each router (R1-R4) senses the change through the dynamic routing protocol and regenerates its own routing table entries. R2 now selects line ± and communicates with loopback interface loopback0 of the virtual network card through eth3. Because R2 communicates with loopback0 of the virtual network card, only the routing table entries change when eth2 fails and the original communication is not interrupted; if R2 had instead communicated with the IP of network card eth2, the failure of eth2 would have interrupted the communication between the two.
Example 6:
fig. 10 is a schematic structural diagram of an SSH packet forwarding apparatus for implementing a router based on a Linux system according to an embodiment of the present invention. The SSH packet forwarding apparatus implementing a router based on the Linux system of this embodiment includes one or more processors 21 and a memory 22. In fig. 10, one processor 21 is taken as an example.
The processor 21 and the memory 22 may be connected by a bus or other means, and fig. 10 illustrates the connection by a bus as an example.
The memory 22, as a non-volatile computer-readable storage medium for implementing the SSH packet forwarding method and apparatus for a router based on a Linux system, may be used to store a non-volatile software program, a non-volatile computer-executable program, and modules, such as the SSH packet forwarding method for implementing a router based on a Linux system in embodiment 1 and corresponding program instructions. The processor 21 executes various functional applications and data processing of the SSH packet forwarding apparatus for implementing a router based on the Linux system by running the nonvolatile software program, instructions and modules stored in the memory 22, that is, implements the SSH packet forwarding method for implementing a router based on the Linux system as described in embodiments 1 to 6.
The memory 22 may include high speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, the memory 22 may optionally include memory located remotely from the processor 21, and these remote memories may be connected to the processor 21 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The program instructions/modules are stored in the memory 22, and when executed by the one or more processors 21, execute the SSH message forwarding method for implementing a router based on the Linux system in the above embodiment 1, for example, execute the steps shown in fig. 1 to embodiment 6 described above.
Those of ordinary skill in the art will appreciate that all or part of the steps of the various methods of the embodiments may be implemented by associated hardware as instructed by a program, which may be stored on a computer-readable storage medium, which may include: a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic or optical disk, or the like.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A method for realizing SSH message forwarding of a router based on a Linux system is characterized in that a virtual network card is created on the Linux system, a loopback interface IP address is configured for the virtual network card, a TCP protocol preset port of an SSH process monitoring loopback interface is configured, and the SSH process is started, and the method comprises the following steps:
the physical network card receives the SSH message, and a user space application program acquires the SSH message and analyzes a target IP of the SSH message;
the user space application program confirms that the target IP of the SSH message is the same as the loopback interface IP of the virtual network card, and writes the SSH message into the cache region of the corresponding virtual network card;
after the virtual network card acquires the SSH message through the corresponding cache region, if the target port of the SSH message is confirmed to be the same as the preset port monitored by the SSH process, the SSH message is sent to the SSH process for processing, and the SSH process generates a response message according to an SSH protocol;
inquiring a first routing table on a Linux system, and selecting the virtual network card to send a response message of the SSH process according to the found first routing table item; wherein, the response message is stored in the buffer area of the corresponding virtual network card;
and the user space application program reads the response message from the cache region of the corresponding virtual network card, inquires a second routing table in the user space application program, selects an outlet physical network card of the response message according to the searched second routing table item, and sends the response message out through the outlet physical network card.
2. The SSH message forwarding method for implementing the router based on the Linux system according to claim 1, wherein the first routing table stores a loopback port IP address of the virtual network card and a policy routing of a port number of the corresponding virtual network card, the policy routing performs routing based on the loopback port IP as a source address, and the virtual network card queries the policy routing to select the virtual network card when generating the response message; the second routing table stores a routing network environment, is composed of the IP addresses of all routers and the port numbers of the corresponding routers, is used for a user space application program to inquire the routing and select a physical network card, and carries out routing based on a source IP network segment, a destination port range and a protocol type.
3. The SSH packet forwarding method for implementing a router based on a Linux system as recited in claim 1, wherein the user space application program queries the second routing table in the user space application program after reading the response packet from the cache area of the corresponding virtual network card, and selects an egress physical network card of the response packet according to the found second routing table entry, further comprising:
the application program carries out deep packet analysis on the response message to obtain one or more analysis results of the application type, the network speed configuration and the bandwidth requirement of the response message; and according to the analysis result and the second routing table entry, selecting and matching a physical network card and a corresponding port which are suitable for the application type, the network speed configuration and/or the bandwidth requirement, and transmitting the response message.
4. The SSH message forwarding method for realizing the router based on the Linux system as recited in claim 3, wherein the method further comprises:
receiving an update message aiming at a second routing table, wherein the update message aiming at the second routing table is generated by a server side according to the current network type state and is used for deep message analysis, and then identified routing strategies corresponding to different application types, network speed configurations and/or bandwidth requirements are carried out;
the user space application updates the corresponding routing policy in the second routing table stored locally.
5. The SSH message forwarding method for realizing the router based on the Linux system according to claim 3, wherein when a first physical network card in the local device fails, the user space application detects the network card failure, notifies the adjacent router through the dynamic routing protocol, and updates the local second routing table, and updates the routing table entry of the message originally distributed to the first physical network card based on deep packet analysis to a second physical network card with the closest performance to the first physical network card.
6. The SSH message forwarding method for realizing the router based on the Linux system according to any one of claims 1 to 5, wherein before the user space application program obtains the destination IP of the SSH message from the SSH message received from the physical network card, the method further comprises:
establishing a preset number of caches in a Linux kernel, and then connecting the caches by using a ring buffer queue descriptor to form a network buffer list;
the Linux kernel establishes a mapping relation between a physical network card and the network buffer list; and the control right of the buffer area is switched between the physical network card and the user space application program according to the writing and reading requirements of data.
7. The SSH packet forwarding method for implementing a router based on a Linux system according to any one of claims 1 to 5, wherein writing the SSH packet to a cache area of a corresponding virtual network card specifically includes:
when a user space application program uses a write() system function to call and write an SSH message into a character device file of the virtual network card, a tun_chr_write() function is called, and the tun_chr_write() function uses tun_get_user() to receive data from a user area, wherein the data is stored into a cache area of the virtual network card; so that the virtual network card calls a function netif_rx() to send the cache area of the virtual network card to a TCP/IP protocol stack for processing, and when the destination port of the SSH message is confirmed to be the same as the preset port monitored by the SSH process, the SSH process forwards the SSH message to complete the generation of the response message.
8. The SSH message forwarding method for implementing a router based on a Linux system as recited in claim 7, wherein the user space application reads a response message from a cache area of a corresponding virtual network card, and specifically comprises:
the TCP/IP protocol stack stores the generated response message in a cache region of the virtual network card; awakening the blocked process of reading data by using the character device of the virtual network card, reading the cache area of the virtual network card by using the character device of the virtual network card, and sending each read cache to the user space application program.
9. The SSH packet forwarding method for implementing a router based on a Linux system as recited in claim 1, wherein the method further comprises the user space application program actively initiating a packet outwards, specifically comprising:
the user space application program calls a socket function interface, specifies the IP address of the target equipment and actively sends a message from the virtual network card; wherein the actively sending out the message comprises: actively establishing BGP neighbor messages with the router, updating messages of routing tables in other routers in the network topology, sending messages of the fault of the local physical network card to the server, and sending one or more DPI analysis messages to the server.
10. An SSH message forwarding device for realizing a router based on a Linux system is characterized by comprising:
at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions programmed to perform the SSH message forwarding method for router implementation based on Linux system as recited in any one of claims 1-9.
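The user-space side of the write path in claims 7 and 8, as an added example that is not code from the patent: the application attaches to a TUN character device, bounds-checks a packet taken from the physical network card, and writes it to the virtual network card only when it is well-formed TCP addressed to the preset SSH port. The port value 22, the function names and the sample packet are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <linux/if_tun.h>

#define SSH_PORT 22 /* assumption: the preset port monitored by the SSH process */

/* Constructed sample: TCP SYN 192.0.2.10:50000 -> 198.51.100.7:22 (TCP checksum left zero). */
static const uint8_t SAMPLE_SYN[40] = {
    0x45,0,0,40, 0,1,0x40,0, 64,6,0x4e,0x8a, 192,0,2,10, 198,51,100,7,
    0xc3,0x50,0,22, 0,0,0,0, 0,0,0,0, 0x50,0x02,0xff,0xff, 0,0,0,0 };

/* Attach to a TUN device (needs CAP_NET_ADMIN). IFF_NO_PI: each write() is one raw IP packet. */
int tun_open(const char *name) {
    struct ifreq ifr;
    int fd = open("/dev/net/tun", O_RDWR);
    if (fd < 0) return -1;
    memset(&ifr, 0, sizeof ifr);
    ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
    strncpy(ifr.ifr_name, name, IFNAMSIZ - 1);
    if (ioctl(fd, TUNSETIFF, &ifr) < 0) { close(fd); return -1; }
    return fd;
}

/* Bounds-checked IPv4/TCP parse of untrusted bytes from the wire.
 * Returns 0 and fills dst_ip (host order) and dst_port, or -1 if malformed. */
int parse_ipv4_tcp(const uint8_t *p, size_t len, uint32_t *dst_ip, uint16_t *dst_port) {
    if (len < 20 || (p[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    size_t total = ((size_t)p[2] << 8) | p[3];
    if (ihl < 20 || total > len || total < ihl + 20) return -1;
    if (p[9] != 6) return -1;                          /* not TCP */
    if ((((p[6] & 0x1f) << 8) | p[7]) != 0) return -1; /* later fragment: no TCP header */
    *dst_ip = ((uint32_t)p[16] << 24) | ((uint32_t)p[17] << 16) | ((uint32_t)p[18] << 8) | p[19];
    *dst_port = (uint16_t)((p[ihl + 2] << 8) | p[ihl + 3]);
    return 0;
}

/* Hand the packet to the virtual NIC only if it is valid SSH traffic.
 * Returns bytes written, 0 if not addressed to SSH_PORT, -1 if malformed or on error. */
ssize_t forward_if_ssh(int tun_fd, const uint8_t *p, size_t len) {
    uint32_t ip; uint16_t port;
    if (parse_ipv4_tcp(p, len, &ip, &port) < 0) return -1;
    if (port != SSH_PORT) return 0;
    return write(tun_fd, p, ((size_t)p[2] << 8) | p[3]);
}
```

The parser does not verify checksums; the kernel TCP/IP stack does that after netif_rx() delivers the buffer.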
CN201810556868.8A 2018-06-01 2018-06-01 Linux system based SSH message forwarding method and device for realizing router Active CN108494679B (en)

Publications (2)

Publication Number | Publication Date
CN108494679A (en) | 2018-09-04
CN108494679B (en) | 2020-01-07

Family

ID=63351504

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant